Using Backup Interfaces

February 11th, 2012    by Nicholas

Cisco routers can watch the physical signals on an interface and trigger a backup interface if the primary link fails. The router will automatically drop the call after the primary circuit comes back up:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface Serial0/0
Router1(config-if)#backup delay 0 300
Router1(config-if)#backup interface BRI0/0
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#down-when-looped
Router1(config-if)#exit
Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#ip address 10.1.1.10 255.255.255.252
Router1(config-subif)#frame-relay interface-dlci 50
Router1(config-subif)#exit
Router1(config)#interface BRI0/0
Router1(config-if)#ip address 10.1.99.55 255.255.255.0
Router1(config-if)#encapsulation ppp
Router1(config-if)#dialer idle-timeout 300
Router1(config-if)#dialer map ip 10.1.99.1 name dialhost broadcast 95551212
Router1(config-if)#dialer load-threshold 50 either
Router1(config-if)#dialer-group 1
Router1(config-if)#isdn switch-type basic-ni
Router1(config-if)#isdn spid1 800555123400 5551234
Router1(config-if)#isdn spid2 800555123500 5551235
Router1(config-if)#ppp authentication chap
Router1(config-if)#ppp multilink
Router1(config-if)#exit
Router1(config)#dialer-list 1 protocol ip permit
Router1(config)#end
Router1#

In this example, the primary WAN interface is a Frame Relay connection. However, this would work just as well on just about any kind of interface. The main reason why we used Frame Relay is to show that you have to put the backup commands on the physical interface, not on any subinterfaces or virtual interfaces. If this router loses physical signaling on the serial interface, it will automatically bring up the dial backup. The key to this configuration method is the backup command, which you associate with the primary interface:

Router1(config)#interface Serial0/0
Router1(config-if)#backup delay 0 300
Router1(config-if)#backup interface BRI0/0

In this case, you can see that the backup interface for this serial port is the ISDN interface, BRI0/0. We also included a backup delay command, which specifies two times. The first parameter tells the router how long it should wait before bringing up the backup after it loses signals on this primary interface. In this case, we don't want to wait. If there is a failure, we want the backup to activate immediately. However, in some cases, you might want to delay slightly to save money on backup charges in case the primary comes back again right away. So, if you wanted to wait 15 seconds before dialing, you could configure it like this:

Router1(config-if)#backup delay 15 300

The second number tells the router how long to wait after the primary recovers before dropping the dial connection. In Frame Relay in particular, it can take a minute or more after you see physical signals before there is end-to-end connectivity. So it is important to keep the backup link active until everything has stabilized. Also, sometimes a link will bounce up and down if there are electrical problems. Specifying a sensible delay before dropping the backup link helps with link stability.

We have also included the down-when-looped command on the primary interface:

Router1(config)#interface Serial0/0
Router1(config-if)#down-when-looped

The dial backup will only trigger if this interface's line protocol is in a down state. Normally, when you put a circuit into a loopback state for testing, the router considers the interface to be in an up state, but looped. However, in this diagnostic state the circuit will not pass any data. So, by configuring down-when-looped, we ensure that the backup will trigger if somebody runs a loopback test (perhaps unintentionally) on the primary circuit.

In general, we don't recommend using the backup interface method for dial backup. There are many types of WAN problems in which you will lose IP connectivity, but you don't lose physical signaling on the interface. For example, in the Frame Relay case again, there could be a problem in the cloud that causes you to lose your virtual circuit. Or you might be connected to a faulty network termination device that keeps signals active even though it doesn't have a real connection.

There is another important disadvantage to using the backup interface method. The router keeps backup interfaces disabled until it needs to dial. This causes two problems.

First, it means that you have to wait longer to dial because the router has to first establish physical connectivity with the backup network. In the case of ISDN, this can take 10 to 15 seconds.

The second problem is that, with ISDN interfaces, you lose the ability to see the state of the ISDN connection. Normally, if an ISDN interface is connected but not dialed, you can use the show isdn status command to verify that it is talking to the carrier's switch correctly. However, since the backup interface is disabled with the method shown in the current recipe, you can't easily verify that your backup circuit is working without failing the primary circuit.

There is actually an interesting way to get around this last problem, though. Instead of making your backup interface be a physical interface like an ISDN port, as we did in this example, you could make the backup interface be a dialer interface. In this case, the dialer interface will remain down when the primary is working, but the ISDN interface will still be up. And this means that you will be able to use the various show isdn commands, as you can with the other methods.

There is one interesting extra option to the backup interface configuration that can be useful in some situations. In addition to triggering the backup circuit when the primary circuit fails, you can configure the router to trigger the backup circuit when the load on the primary circuit gets heavy. This is a form of bandwidth on demand:

Router1(config)#interface Serial0/0
Router1(config-if)#backup load 75 25

This command triggers the dial backup when the load on the primary interface rises above 75 percent, and deactivates it when the load drops below 25 percent.

Note, however, that to be really useful as additional bandwidth, you have to make sure that the routing over this new connection makes sense. In particular, it doesn't really help much unless the routing protocol sees the two paths as equal and shares the load between them. This will generally require some careful metric tuning in your routing protocol or use of the unequal cost load-sharing features available in some routing protocols. It also may require that the dial backup circuit terminates on the same router as the primary circuit to ensure that two-way load sharing works properly.
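To make the timing and load rules described above concrete, here is an added Python model that is not part of the original post and is not Cisco code. It applies the backup delay enable and disable timers and the backup load thresholds to a constructed one-second timeline of primary-interface samples, so you can see when the backup would dial and when it would drop without touching a router. The BackupInterface class, its "failure" and "load" reason tracking, and the timeline values are assumptions made for this illustration; the rules themselves follow the text: dial once the primary has been down for the enable delay, drop once the primary has been back up for the full disable delay, and drop a load-triggered backup once the load falls below the second backup load value.

```python
"""Model of the Cisco IOS 'backup delay' and 'backup load' rules (added example)."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class BackupInterface:
    """Assumed model of one primary interface with a 'backup interface' attached."""
    enable_delay: int                   # 'backup delay <enable> <disable>': seconds down before dialing
    disable_delay: int                  # seconds the primary must stay up before the backup drops
    enable_load: Optional[int] = None   # 'backup load <enable> <disable>': percent load that dials
    disable_load: Optional[int] = None  # percent load below which a load-triggered backup drops
    active: bool = False
    reason: Optional[str] = None        # "failure" or "load" while active
    down_since: Optional[int] = None
    up_since: Optional[int] = None
    transitions: list = field(default_factory=list)

    def _set(self, t: int, active: bool, reason: str) -> None:
        self.active = active
        self.reason = reason if active else None
        self.transitions.append((t, "activate" if active else "deactivate", reason))

    def step(self, t: int, primary_up: bool, load: int = 0) -> bool:
        """Evaluate one one-second sample of the primary's state; return whether the backup is active."""
        if not primary_up:
            self.up_since = None
            if self.down_since is None:
                self.down_since = t
            if self.active and self.reason == "load":
                self.reason = "failure"          # a real outage takes over from the load trigger
            elif not self.active and t - self.down_since >= self.enable_delay:
                self._set(t, True, "failure")
            return self.active
        self.down_since = None
        if self.up_since is None:
            self.up_since = t
        if self.active and self.reason == "failure":
            # keep the backup until the primary has been stable for the whole disable delay
            if t - self.up_since >= self.disable_delay:
                self._set(t, False, "failure")
        elif self.active and self.reason == "load":
            if load < (self.disable_load or 0):
                self._set(t, False, "load")
        elif not self.active and self.enable_load is not None and load > self.enable_load:
            self._set(t, True, "load")
        return self.active


def simulate(backup: BackupInterface, timeline):
    """Feed (t, primary_up, load_percent) samples through the model; return its transition log."""
    for t, up, load in timeline:
        backup.step(t, up, load)
    return backup.transitions


def demo():
    """Constructed timeline for 'backup delay 15 300' combined with 'backup load 75 25'."""
    backup = BackupInterface(enable_delay=15, disable_delay=300, enable_load=75, disable_load=25)
    timeline = []
    for t in range(700):
        outage = 10 <= t < 30              # 20-second outage: longer than the enable delay, dials
        blip = 500 <= t < 505              # 5-second blip: shorter than the enable delay, ignored
        load = 80 if 400 <= t < 410 else 50 if 410 <= t < 420 else 20 if 420 <= t < 430 else 0
        timeline.append((t, not (outage or blip), load))
    return simulate(backup, timeline)


if __name__ == "__main__":
    for t, action, reason in demo():
        print(f"t={t:3d}s  {action:10s} ({reason})")
```

Running the demo shows the backup dialing at 25 s (15 s after the outage began), staying up until 330 s (300 s after the primary recovered), dialing again on load at 400 s and dropping at 420 s when load falls below 25 percent, while the 5-second blip at 500 s never dials at all.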

AutoQoS

February 10th, 2012    by Nicholas

AutoQoS is an extremely useful feature that can take a lot of the mystery out of building a QoS policy. Unfortunately, there are several restrictions on this feature that you need to be aware of.

First, it is only available on point-to-point links between routers. This includes point-to-point subinterfaces on ATM and Frame Relay PVCs, as shown in the example. The feature is also available on PPP and HDLC Serial connections. It cannot be used on any multiple access media, including Ethernets, or multipoint subinterfaces.

Second, it can't be used with any virtual templates or frame map statements. It cannot be used with either Frame Relay or ATM SVCs.

Third, it must be enabled on both ends of each link or PVC. This doesn't necessarily mean that both routers must run the same IOS version, however, as long as the AutoQoS feature is available on both routers.

Fourth, you should disable any other service policies or access-groups on the router, even if they are associated with different interfaces.

And finally, you must ensure that CEF is enabled for this feature to work.

AutoQoS for VoIP was introduced in IOS Version 12.2(15)T. This command is actually a macro that adds a series of commands to your router's configuration. You can use the show auto qos command to see exactly what it has added:

Router1#show auto qos
 !
 policy-map AutoQoS-Policy-UnTrust
  class AutoQoS-VoIP-RTP-UnTrust
   priority percent 70
   set dscp ef
  class AutoQoS-VoIP-Control-UnTrust
   bandwidth percent 5
   set dscp af31
  class AutoQoS-VoIP-Remark
   set dscp default
  class class-default
   fair-queue
 !
 ip access-list extended AutoQoS-VoIP-RTCP
  permit udp any any range 16384 32767
 !
 ip access-list extended AutoQoS-VoIP-Control
  permit tcp any any eq 1720
  permit tcp any any range 11000 11999
  permit udp any any eq 2427
  permit tcp any any eq 2428
  permit tcp any any range 2000 2002
  permit udp any any eq 1719
  permit udp any any eq 5060
 !
 rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS
 rmon alarm 33333 cbQosCMDropBitRate.1169.1171 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS

Serial0/0.1: DLCI 904 -
 !
 interface Serial0/0
  frame-relay traffic-shaping
 !
 interface Serial0/0.1 point-to-point
  frame-relay interface-dlci 904
   class AutoQoS-FR-Se0/0-904
 !
 map-class frame-relay AutoQoS-FR-Se0/0-904
  frame-relay cir 1544000
  frame-relay bc 15440
  frame-relay be 0
  frame-relay mincir 1544000
  service-policy output AutoQoS-Policy-UnTrust
Router1#

Clearly, this little macro has done a lot of work, and in fact this command output doesn't show the class-maps that were created at the same time! Let's examine what it did. First, it created a policy-map called AutoQoS-Policy-UnTrust, which allocates up to 70% of the bandwidth on this link to voice traffic and another 5% to VoIP control packets. It also sets the DSCP values for these traffic streams, overriding whatever values were previously in the packets. All other traffic is configured to use weighted fair-queuing (WFQ).

Then, skipping over the access-lists, whose purpose is fairly clear, the macro has created an RMON rule that will automatically send an SNMP trap every time the router is forced to drop a voice packet. You can then use these trap logs to determine if the queuing parameters are appropriate. If you find that you are dropping a lot of packets, then you may need to increase your bandwidth to reduce congestion.

And finally, it has implemented Frame Relay Traffic Shaping to ensure that the router doesn't attempt to overrun the CIR for the PVC. This is a critical consideration because, by default, the router will assume that it can transmit at wire speed on each PVC individually. So if you have several PVCs on a single physical circuit, it will allow any of them to burst to the full bandwidth capacity of the interface, possibly over-running the CIR of the PVC. As a result, even with the best queuing strategy on the router, you could find yourself dropping packets in the frame cloud.

The AutoQoS for the Enterprise feature was introduced in IOS Version 12.3(7)T. It classifies traffic into 10 categories, which are listed in Table 11-2. Note that if the discovery feature doesn't see any traffic of a particular type, then AutoQoS will not create a corresponding class on the router.

Table 11-2. AutoQoS traffic classes

Class Name                 DSCP  Description
IP Routing                 CS6   Routing protocol and ICMP traffic
Interactive Voice          EF    RTP voice traffic
Interactive Video          AF41  RTP video traffic
Streaming Video            CS4   Various streaming audio and video protocols, such as CU-SeeMe, RealAudio, and Netshow
Telephony Signaling        CS3   RTP and H.323
Transactional/Interactive  AF21  Database protocols, such as SAP, SQLNet, and SQLServer, as well as interactive protocols, including Citrix, Telnet, Notes, SSH, and X11
Network Management         CS2   Primarily SNMP
Bulk Data                  AF11  Batch file transfer protocols such as FTP, Exchange, POP3, SMTP, NNTP, and network printing
Scavenger                  CS1   Various peer-to-peer and entertainment protocols, including Napster, Fasttrack, and Gnutella; this group is given a worse than best-effort priority
Best Effort                0     Various miscellaneous protocols, including HTTP, NFS, SunRPC, NTP, and gopher, as well as any unidentified traffic

We enabled auto discovery QoS on both ends of a Frame-Relay PVC, ran some traffic through the link and then looked at the output of the show auto discovery qos command to see what the router suggested for a QoS policy:

Router1#show auto discovery qos
Serial0/0.1
 AutoQoS Discovery enabled for applications
 Discovery up time: 3 minutes, 41 seconds
 AutoQoS Class information:
 Class Voice:
  No data found.
 Class Interactive Video:
  No data found.
 Class Signaling:
  No data found.
 Class Streaming Video:
  No data found.
 Class Transactional:
  Recommended Minimum Bandwidth: 1 Kbps/<1% (AverageRate)
  Detected applications and data:
  Application/       AverageRate        PeakRate           Total
  Protocol           (kbps/%)           (kbps/%)           (bytes)
  -----------        -----------        --------           ------------
  telnet             1/<1               32/2               53404
 Class Bulk:
  No data found.
 Class Scavenger:
  No data found.
 Class Management:
  Recommended Minimum Bandwidth: 1 Kbps/<1% (AverageRate)
  Detected applications and data:
  Application/       AverageRate        PeakRate           Total
  Protocol           (kbps/%)           (kbps/%)           (bytes)
  -----------        -----------        --------           ------------
  snmp               1/<1               11/<1              50245
 Class Routing:
  Recommended Minimum Bandwidth: 0 Kbps/0% (AverageRate)
  Detected applications and data:
  Application/       AverageRate        PeakRate           Total
  Protocol           (kbps/%)           (kbps/%)           (bytes)
  -----------        -----------        --------           ------------
  icmp               0/0                8/<1               11432
  eigrp              0/0                0/0                6016
 Class Best Effort:
  Current Bandwidth Estimation: 3 Kbps/<1% (AverageRate)
  Detected applications and data:
  Application/       AverageRate        PeakRate           Total
  Protocol           (kbps/%)           (kbps/%)           (bytes)
  -----------        -----------        --------           ------------
  http               3/<1               33/2               84777
  unknowns           0/0                0/0                184

Suggested AutoQoS Policy for the current uptime:
 !
 class-map match-any AutoQoS-Transactional-Se0/0.1
  match protocol telnet
 !
 class-map match-any AutoQoS-Management-Se0/0.1
  match protocol snmp
 !
 policy-map AutoQoS-Policy-Se0/0.1
  class AutoQoS-Transactional-Se0/0.1
   bandwidth remaining percent 1
   random-detect dscp-based
   set dscp af21
  class AutoQoS-Management-Se0/0.1
   bandwidth remaining percent 1
   set dscp cs2
  class class-default
   fair-queue
Router1#

As you can see, we didn't let the discovery phase run for very long, and consequently did not discover very many types of traffic. The router saw no traffic in the Voice, Interactive Video, Telephony Signaling, Streaming Video, Bulk, or Scavenger classes. But it did see some TELNET traffic in the Transactional class, some SNMP traffic in the Network Management class, as well as some Routing Protocol and Best Effort traffic. Note that the command output includes average and peak rate traffic statistics, which the router will use to help determine queuing parameters:

Class Best Effort:
  Current Bandwidth Estimation: 3 Kbps/<1% (AverageRate)
  Detected applications and data:
  Application/       AverageRate        PeakRate           Total
  Protocol           (kbps/%)           (kbps/%)           (bytes)
  -----------        -----------        --------           ------------
  http               3/<1               33/2               84777
  unknowns           0/0                0/0                184

The output then ends with a suggestion for a QoS policy-map to be applied to this interface. This output shows that the AutoQoS feature uses the NBAR match command to identify protocols. NBAR is the basis of AutoQoS.

Once we are satisfied that this is a good QoS policy, we enable it by using the auto qos command:

Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#frame-relay interface-dlci 904
Router1(config-fr-dlci)#auto qos
%Creating new map-class.
Router1(config-fr-dlci)#no auto discovery qos
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit

It is critical to enable AutoQoS before disabling the discovery feature. Otherwise, the router will lose all of the traffic information that it has learned.

If you want to see the new configuration commands that AutoQoS has added to your router, use the show auto qos command:

Router1#show auto qos
 !
 policy-map AutoQoS-Policy-Se0/0.1
  class AutoQoS-Transactional-Se0/0.1
   bandwidth remaining percent 1
   random-detect dscp-based
   set dscp af21
  class AutoQoS-Routing-Se0/0.1
   bandwidth remaining percent 1
   set dscp cs6
  class class-default
   fair-queue
 !
 policy-map AutoQoS-Policy-Se0/0.1-Parent
  class class-default
   shape average 1544000
   service-policy AutoQoS-Policy-Se0/0.1
 !
 class-map match-any AutoQoS-Transactional-Se0/0.1
  match protocol telnet
 !
 class-map match-any AutoQoS-Routing-Se0/0.1
  match protocol icmp
  match protocol eigrp
  match protocol rip

Serial0/0.1: DLCI 904 -
 !
 interface Serial0/0.1 point-to-point
  frame-relay interface-dlci 904
   class AutoQoS-FR-Se0/0-904
 !
 map-class frame-relay AutoQoS-FR-Se0/0-904
  frame-relay cir 1544000
  frame-relay bc 15440
  frame-relay be 0
  frame-relay mincir 1544000
  service-policy output AutoQoS-Policy-Se0/0.1-Parent
Router1#

Note that the actual policy map does not exactly match the version that we saw earlier during the data collection phase. The biggest difference is that the router saw some additional RIP traffic in the meantime and added this protocol to the class called AutoQoS-Routing-Se0/0.1. It has also created a Frame Relay map class that includes traffic shaping parameters for the PVC.

Because AutoQoS adds so many different commands to the router configuration, if you want to disable AutoQoS, it is not sufficient to just remove the auto qos command. You will need to remove all of the other commands separately. In fact, you should be careful about removing this command because if you do so, the show auto qos command will no longer function, making it much more difficult to figure out what commands are actually related to this feature. To make matters worse, once you have removed the auto qos command, you can't even put it back because the router needs to repeat the discovery phase first!

If you want to remove this feature after you have enabled it, we recommend capturing the output of the show auto qos command and using a text editor to create a configuration script that selectively eliminates all of the associated commands.
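The text editor step above can be automated. The following is an added Python example, not a tool from the cookbook or from Cisco, that parses show auto qos output into its stanzas and emits the matching no commands. It assumes an ordering that IOS will accept: detach the per-DLCI class and the interface-level traffic shaping first, remove the Frame Relay map-class (which takes its service-policy with it), then remove parent policy-maps before the child policy-maps they reference, then class-maps, and finally the access-lists and RMON entries. The sample output is a constructed, trimmed copy of the output shown earlier on this page; the stage names and the script layout are my own.

```python
"""Turn 'show auto qos' output into a removal script (added example, not the cookbook's own tool)."""

# Constructed sample, trimmed from the 'show auto qos' output shown above.
SAMPLE_SHOW_AUTO_QOS = """\
 !
 policy-map AutoQoS-Policy-Se0/0.1
  class AutoQoS-Transactional-Se0/0.1
   bandwidth remaining percent 1
   random-detect dscp-based
   set dscp af21
  class class-default
   fair-queue
 !
 policy-map AutoQoS-Policy-Se0/0.1-Parent
  class class-default
   shape average 1544000
   service-policy AutoQoS-Policy-Se0/0.1
 !
 class-map match-any AutoQoS-Transactional-Se0/0.1
  match protocol telnet
 !
 ip access-list extended AutoQoS-VoIP-Control
  permit tcp any any eq 1720
 !
 rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS
 rmon alarm 33333 cbQosCMDropBitRate.1169.1171 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS

Serial0/0.1: DLCI 904 -
 !
 interface Serial0/0
  frame-relay traffic-shaping
 !
 interface Serial0/0.1 point-to-point
  frame-relay interface-dlci 904
   class AutoQoS-FR-Se0/0-904
 !
 map-class frame-relay AutoQoS-FR-Se0/0-904
  frame-relay cir 1544000
  service-policy output AutoQoS-Policy-Se0/0.1-Parent
"""


def parse_stanzas(text):
    """Split the output into stanzas; each starts at a line indented by exactly one space."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.rstrip()
        cmd = line.strip()
        if not cmd or cmd == "!" or not line.startswith(" "):
            continue                      # blank lines, '!' separators and the DLCI heading
        indent = len(line) - len(line.lstrip())
        if indent == 1:
            stanzas.append([cmd])
        elif stanzas:
            stanzas[-1].append(line[1:])  # nested line, keeping its indentation relative to the head
    return stanzas


STAGES = ("interface", "mapclass", "parent", "child", "classmap", "rest")   # assumed safe order


def removal_script(text):
    """Emit 'no ...' commands, detaching policies before deleting the objects they reference."""
    out = {stage: [] for stage in STAGES}
    for head, *body in parse_stanzas(text):
        if head.startswith("interface "):
            lines, in_dlci = [head], False
            for line in body:
                depth = len(line) - len(line.lstrip())
                cmd = line.strip()
                if cmd.startswith("frame-relay interface-dlci"):
                    lines.append(" " + cmd)          # re-enter the DLCI submode; keep the DLCI itself
                    in_dlci = True
                else:
                    lines.append(" " * depth + "no " + cmd)
            lines += ["  exit", " exit"] if in_dlci else [" exit"]
            out["interface"] += lines
        elif head.startswith("map-class "):
            out["mapclass"].append("no " + head)     # drops the attached service-policy with it
        elif head.startswith("policy-map "):
            nested = any(l.strip().startswith("service-policy") for l in body)
            out["parent" if nested else "child"].append("no " + head)
        elif head.startswith("class-map "):
            out["classmap"].append("no class-map " + head.split()[-1])
        elif head.startswith("rmon "):
            out["rest"].append("no " + " ".join(head.split()[:3]))   # e.g. 'no rmon event 33333'
        elif head.startswith("ip access-list "):
            out["rest"].append("no " + head)
    return [line for stage in STAGES for line in out[stage]]


if __name__ == "__main__":
    print("\n".join(removal_script(SAMPLE_SHOW_AUTO_QOS)))
```

Review the generated script before pasting it into configuration mode: in particular, no frame-relay traffic-shaping on the physical interface affects every PVC on that interface, not only the one AutoQoS was configured on, so keep that line only if nothing else depends on shaping there.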

AutoQoS for the Enterprise can be a useful way of generating a detailed queuing strategy for your network. We do urge some caution in using this feature, however. In our experience, the discovery option can be unreliable. In particular, if you are using NBAR or have access-groups enabled on the router, this can interfere with the data collection. Furthermore, we have seen questionable results in the output that went away after disabling and re-enabling the discovery option.

We strongly recommend looking very closely at the recommendations made by this command before implementing them.

sense of understanding. The CCIE labs sort

February 9th, 2012    by Nicholas

Through the CCIE program, experts have a chance to establish themselves in the field of networking. Only a few thousand individuals are believed to have passed the CCIE exam. CCIE labs are considered to provide a large part of the training environment, which is a sizeable benefit for candidates.

The CCIE certification involves two assessments: a CCIE written exam and a CCIE lab exam. To attempt the lab exam, you must first pass the written exam. If you are not able to pass the written exam the first time, it is best to wait 180 days before retaking it. Once you have passed the written exam, it is best to attempt the CCIE lab exam within 18 months. If you are unable to pass the lab exam, you must retry within 12 months to keep the written exam result valid.

The written exam has a time limit of two hours and is taken at various testing centers around the world. The topics covered in the written exam depend on the specialization or track you select. For Service Provider, you might choose from groups like Cable, DSL, IP Telephony, Dial, Content Networking, Optical, WAN Switching, and Metro Ethernet. Each written exam is made available in beta form at a cost of $50 USD.

The CCIE lab exam is unique in nature, as it is an eight-hour test that examines the candidate's ability to configure and troubleshoot networking devices. Cisco has a large amount of equipment in its CCIE labs for use during the lab exams. The blueprint for the lab exam is available on its website. The lab exam is not available at Pearson VUE or Prometric testing centers.

A standard CCIE R&S lab exam contains a two-hour troubleshooting section in which you are presented with a collection of tickets for preconfigured networks in the CCIE labs. You must be able to identify and resolve the faults. You can proceed to the configuration section once you finish the troubleshooting section.

A solid passing score is critical to pass a CCIE lab exam. Cisco uses proctors to judge the candidates in the preliminary rounds in its CCIE labs located worldwide. Points are awarded when a criterion is met, and grading is completed using automated tools. The results of a lab exam are reported within 48 hours. A pass/fail is shown in the final result, and in case of a fail, the areas where you are lacking are pointed out so that you can prepare properly before a retry.

Cisco stands out in the field of networking by providing the CCIE certification so that you can pursue your education as well as be recognized by a reputed organization. The CCIE lab exam can be used as a platform to test your ability in the various tracks provided by Cisco. Attempting a lab exam requires rigorous practice and a substantial sense of understanding. The CCIE labs form the first step toward a better future career.

Using NBAR Classification

February 8th, 2012    by Nicholas

The NBAR feature is used to identify traffic within a class-map. You can then use the class-map in a policy-map to define how the router should handle each application data stream:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#class-map INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet
Router1(config-cmap)#exit
Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit
Router1(config-pmap)#class class-default
Router1(config-pmap-c)#bandwidth percent 20
Router1(config-pmap-c)#random-detect dscp-based
Router1(config-pmap-c)#exit
Router1(config-pmap)#exit
Router1(config)#interface FastEthernet0/0
Router1(config-if)#service-policy input QoSPolicy
Router1(config-if)#exit
Router1(config)#end
Router1#

Cisco also offers the ability to download specialized Packet Description Language Module (PDLM) files onto the router's flash device, and then activate them for use with NBAR classification:

Router1#show flash
System flash directory:
File  Length   Name/status
  1   23169076  c2600-ipvoice-mz.124-10.bin
  2   3100     bittorrent.pdlm
[23172304 bytes used, 9857836 available, 33030140 total]
32768K bytes of processor board System flash (Read/Write)

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip nbar pdlm flash://bittorrent.pdlm
Router1(config)#class-map BITTORRENT
Router1(config-cmap)#match protocol bittorrent
Router1(config-cmap)#exit
Router1(config)#end
Router1#

And you can also use NBAR to automatically profile the protocols on a particular interface:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip nbar protocol-discovery
Router1(config-if)#exit
Router1(config)#end
Router1#

Network Based Application Recognition (NBAR) is an extremely useful feature that first became available in IOS Version 12.0(5)XE2, and more generally in 12.1(5)T. Cisco continues to add new protocols to NBAR, allowing you to categorize more and more different traffic streams on your network. The one caveat to using NBAR is that it can introduce a heavy additional load on your router's CPU. We recommend monitoring the CPU utilization after implementing any NBAR-based filtering, at least until you are confident that the router is not straining under the additional load.

The basic syntax is to set up a class-map, and then use the match protocol command with the appropriate keyword:

Router1(config)#class-map INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet

We used Citrix as an example protocol in this recipe because it is a classic example of the need for the NBAR feature. This is a proprietary protocol that is used in thin-client architectures. The end user's workstation is just a terminal that displays graphical information from the screen of a centrally located computer running a virtual desktop for the user. The protocol transmits graphical information and keystrokes. Because it is an interactive application, it needs to be given high priority through the network. However, it is notoriously difficult to reliably identify from Layer 3 and 4 information.

As the example shows, you can then use this class in a policy-map:

Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit

NBAR classifies applications at the application layer, allowing you to differentiate between different streams of traffic that may actually use the same UDP or TCP port numbers, as well as streams of traffic that may use a variety of ports or even arbitrary port numbers.

Here is a list of supported protocols as of IOS Version 12.4(10):

Router1(config-cmap)#match protocol ?
  arp            IP ARP
  bgp            Border Gateway Protocol
  bridge         Bridging
  cdp            Cisco Discovery Protocol
  citrix         Citrix Systems ICA protocol
  clns           ISO CLNS
  clns_es        ISO CLNS End System
  clns_is        ISO CLNS Intermediate System
  cmns           ISO CMNS
  compressedtcp  Compressed TCP (VJ)
  cuseeme        CU-SeeMe desktop video conference
  dhcp           Dynamic Host Configuration
  dns            Domain Name Server lookup
  edonkey        eDonkey
  egp            Exterior Gateway Protocol
  eigrp          Enhanced Interior Gateway Routing Protocol
  exchange       MS-RPC for Exchange
  fasttrack      FastTrack Traffic - KaZaA, Morpheus, Grokster...
  finger         Finger
  ftp            File Transfer Protocol
  gnutella       Gnutella Version2 Traffic - BearShare, Shareeza, Morpheus ...
  gopher         Gopher
  gre            Generic Routing Encapsulation
  h323           H323 Protocol
  http           World Wide Web traffic
  icmp           Internet Control Message
  imap           Internet Message Access Protocol
  ip             IP
  ipinip         IP in IP (encapsulation)
  ipsec          IP Security Protocol (ESP/AH)
  irc            Internet Relay Chat
  kazaa2         Kazaa Version 2
  kerberos       Kerberos
  l2tp           L2F/L2TP tunnel
  ldap           Lightweight Directory Access Protocol
  llc2           llc2
  mgcp           Media Gateway Control Protocol
  napster        Napster Traffic
  netbios        NetBIOS
  netshow        Microsoft Netshow
  nfs            Network File System
  nntp           Network News Transfer Protocol
  notes          Lotus Notes(R)
  novadigm       Novadigm EDM
  ntp            Network Time Protocol
  ospf           Open Shortest Path First
  pad            PAD links
  pcanywhere     Symantec pcANYWHERE
  pop3           Post Office Protocol
  pppoe          PPP over Ethernet
  pptp           Point-to-Point Tunneling Protocol
  printer        print spooler/lpd
  rcmd           BSD r-commands (rsh, rlogin, rexec)
  rip            Routing Information Protocol
  rsrb           Remote Source-Route Bridging
  rsvp           Resource Reservation Protocol
  rtcp           Real Time Control Protocol
  rtp            Real Time Protocol
  rtsp           Real Time Streaming Protocol
  secure-ftp     FTP over TLS/SSL
  secure-http    Secured HTTP
  secure-imap    Internet Message Access Protocol over TLS/SSL
  secure-irc     Internet Relay Chat over TLS/SSL
  secure-ldap    Lightweight Directory Access Protocol over TLS/SSL
  secure-nntp    Network News Transfer Protocol over TLS/SSL
  secure-pop3    Post Office Protocol over TLS/SSL
  secure-telnet  Telnet over TLS/SSL
  sip            Session Initiation Protocol
  skinny         Skinny Protocol
  smtp           Simple Mail Transfer Protocol
  snapshot       Snapshot routing support
  snmp           Simple Network Management Protocol
  socks          SOCKS
  sqlnet         SQL*NET for Oracle
  sqlserver      MS SQL Server
  ssh            Secured Shell
  streamwork     Xing Technology StreamWorks player
  sunrpc         Sun RPC
  syslog         System Logging Utility
  telnet         Telnet
  tftp           Trivial File Transfer Protocol
  vdolive        VDOLive streaming video
  vofr           voice over Frame Relay packets
  winmx          WinMx file-sharing application
  xwindows       X-Windows remote access

with regards to CCIE Bootcamp.

February 7th,2012    by Nicholas

It aims to identify professionals in the networking field for renowned firms offering solutions to their specialized departments. To obtain CCIE certification, candidates have to pass two important exams. First, the written exam has to be passed, after which candidates can sit for the Lab exam. Only the shortlisted candidates can then hold CCIE certification. CCIE Bootcamps are built to prepare candidates for the CCIE exams.

CCIE Bootcamps offer the most straightforward approach to passing the CCIE exams. Several companies and institutes, such as Cathay School, provide CCIE Bootcamp training. To become eligible for the bootcamps, the institutes often set a prerequisite, which improves the candidates' chances of passing the CCIE exams compared with others. This prerequisite is known as CCNP status.

The fee for taking the CCIE Security exam is high, so most candidates take a preparation course in order to pass it in a single sitting. Some independent organizations and institutions offer courses and workshops to those choosing CCIE Security training. However, most candidates prefer the instructor-led and online workshops that Cisco provides as part of its Authorized Learning Partners program. The training options are offered by educators recognized by Cisco.

For the CCIE Security certification, you have to register for the written exam in your own area of specialization. All the exams are conducted at a Cisco approved facility, which also accepts payment for the exam. The price of taking a CCIE written exam ranges from $80 to $325. The written exam is proctored and taken on a computer. It is a one- or two-hour paper consisting of a large number of multiple-choice, drag-and-drop and fill-in-the-blank questions. Apart from whiteboards and markers for calculations, as a candidate for the CCIE Security training exam you are not allowed to bring any other items into the exam hall.

CCIE Bootcamps are accompanied by a number of resources to provide the best preparation material for students. They mainly offer some must-have books to prepare students for the written CCIE exam, together with online access for the Lab exam. Based on these two groups, CCIE Bootcamps are divided into two sections: course structure and Lab simulation. The course structure involves two phases, hands-on training and lecture-based lessons. In the course structure the students are provided with all the information about bit splitting, VLSM and so on. The lab simulation, however, is the important half of a CCIE Bootcamp. Here the students are exposed to a number of real-life problems, and their troubleshooting skills are checked thoroughly. This is the best phase of CCIE Bootcamps, where the students are well prepared for Blueprint v4, MPLS and so on. These methods help students troubleshoot any real-life issues and improve their ability to find the right answers.

But there are few trustworthy institutes in the market that deliver complete CCIE Bootcamps. Among the well-renowned institutes is Cathay School, which provides very good services for CCIE bootcamps. They provide bootcamp facilities to a large number of students from several corners of the world, including Australia, Norway, the United Kingdom, Sweden, the USA and many more. According to the institute's statistics since 2005, they have maintained a record percentage passing rate in the CCIE exam. This record is itself a kind of guarantee for them. There are many reasons to choose Cathay School for CCIE Bootcamps. The record passing rate of almost 90% is its most appealing feature. Apart from that, another excellent attribute is the one-to-one lab coaching, which allows the students to clear up all their doubts about any problem with the instructors.

The required information about the bootcamp is available on the trusted agency website, cathayschool.com. It is a very easy-to-use page which offers several striking facilities such as online Self-Study CCIE Lab Workbooks, one-on-one online coaching, instructor-led training and so on. All the services, the course durations and the fees are well described there, so that customers do not have to face any kind of hassle relating to CCIE Bootcamps.

Using NBAR Classification

February 6th,2012    by Nicholas

The NBAR feature is used to identify traffic within a class-map. You can then use the class-map in a policy-map to define how the router should handle each application data stream:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#class-map INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet
Router1(config-cmap)#exit
Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit
Router1(config-pmap)#class class-default
Router1(config-pmap-c)#bandwidth percent 20
Router1(config-pmap-c)#random-detect dscp-based
Router1(config-pmap-c)#exit
Router1(config-pmap)#exit
Router1(config)#interface FastEthernet0/0
Router1(config-if)#service-policy input QoSPolicy
Router1(config-if)#exit
Router1(config)#end
Router1#

Cisco also offers the ability to download specialized Packet Description Language Module (PDLM) files onto the router's flash device, and then activate them for use with NBAR classification:

Router1#show flash
System flash directory:
File  Length   Name/status
  1   23169076  c2600-ipvoice-mz.124-10.bin
  2   3100     bittorrent.pdlm
[23172304 bytes used, 9857836 available, 33030140 total]
32768K bytes of processor board System flash (Read/Write)

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ip nbar pdlm flash://bittorrent.pdlm
Router1(config)#class-map BITTORRENT
Router1(config-cmap)#match protocol bittorrent
Router1(config-cmap)#exit
Router1(config)#end
Router1#

And you can also use NBAR to automatically profile the protocols on a particular interface:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip nbar protocol-discovery
Router1(config-if)#exit
Router1(config)#end
Router1#

Network Based Application Recognition (NBAR) is an extremely useful feature that first became available in IOS Version 12.0(5)XE2, and more generally in 12.1(5)T. Cisco continues to add new protocols to NBAR, allowing you to categorize more and more different traffic streams on your network. The one caveat to using NBAR is that it can introduce a heavy additional load on your router's CPU. We recommend monitoring the CPU utilization after implementing any NBAR-based filtering, at least until you are confident that the router is not straining under the additional load.

The basic syntax is to set up a class-map, and then use the match protocol command with the appropriate keyword:

Router1(config)#class-map INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet

We used Citrix as an example protocol in this recipe because it is a classic example of the need for the NBAR feature. This is a proprietary protocol that is used in thin-client architectures. The end user's workstation is just a terminal that displays graphical information from the screen of a centrally located computer running a virtual desktop for the user. The protocol transmits graphical information and keystrokes. Because it is an interactive application, it needs to be given high priority through the network. However, it is notoriously difficult to reliably identify from Layer 3 and 4 information.

As the example shows, you can then use this class in a policy-map:

Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit

NBAR classifies applications at the application layer, allowing you to differentiate between different streams of traffic that may actually use the same UDP or TCP port numbers, as well as streams of traffic that may use a variety of ports or even arbitrary port numbers.

Here is a list of supported protocols as of IOS Version 12.4(10):

Router1(config-cmap)#match protocol ?
  arp            IP ARP
  bgp            Border Gateway Protocol
  bridge         Bridging
  cdp            Cisco Discovery Protocol
  citrix         Citrix Systems ICA protocol
  clns           ISO CLNS
  clns_es        ISO CLNS End System
  clns_is        ISO CLNS Intermediate System
  cmns           ISO CMNS
  compressedtcp  Compressed TCP (VJ)
  cuseeme        CU-SeeMe desktop video conference
  dhcp           Dynamic Host Configuration
  dns            Domain Name Server lookup
  edonkey        eDonkey
  egp            Exterior Gateway Protocol
  eigrp          Enhanced Interior Gateway Routing Protocol
  exchange       MS-RPC for Exchange
  fasttrack      FastTrack Traffic - KaZaA, Morpheus, Grokster...
  finger         Finger
  ftp            File Transfer Protocol
  gnutella       Gnutella Version2 Traffic - BearShare, Shareeza, Morpheus ...
  gopher         Gopher
  gre            Generic Routing Encapsulation
  h323           H323 Protocol
  http           World Wide Web traffic
  icmp           Internet Control Message
  imap           Internet Message Access Protocol
  ip             IP
  ipinip         IP in IP (encapsulation)
  ipsec          IP Security Protocol (ESP/AH)
  irc            Internet Relay Chat
  kazaa2         Kazaa Version 2
  kerberos       Kerberos
  l2tp           L2F/L2TP tunnel
  ldap           Lightweight Directory Access Protocol
  llc2           llc2
  mgcp           Media Gateway Control Protocol
  napster        Napster Traffic
  netbios        NetBIOS
  netshow        Microsoft Netshow
  nfs            Network File System
  nntp           Network News Transfer Protocol
  notes          Lotus Notes(R)
  novadigm       Novadigm EDM
  ntp            Network Time Protocol
  ospf           Open Shortest Path First
  pad            PAD links
  pcanywhere     Symantec pcANYWHERE
  pop3           Post Office Protocol
  pppoe          PPP over Ethernet
  pptp           Point-to-Point Tunneling Protocol
  printer        print spooler/lpd
  rcmd           BSD r-commands (rsh, rlogin, rexec)
  rip            Routing Information Protocol
  rsrb           Remote Source-Route Bridging
  rsvp           Resource Reservation Protocol
  rtcp           Real Time Control Protocol
  rtp            Real Time Protocol
  rtsp           Real Time Streaming Protocol
  secure-ftp     FTP over TLS/SSL
  secure-http    Secured HTTP
  secure-imap    Internet Message Access Protocol over TLS/SSL
  secure-irc     Internet Relay Chat over TLS/SSL
  secure-ldap    Lightweight Directory Access Protocol over TLS/SSL
  secure-nntp    Network News Transfer Protocol over TLS/SSL
  secure-pop3    Post Office Protocol over TLS/SSL
  secure-telnet  Telnet over TLS/SSL
  sip            Session Initiation Protocol
  skinny         Skinny Protocol
  smtp           Simple Mail Transfer Protocol
  snapshot       Snapshot routing support
  snmp           Simple Network Management Protocol
  socks          SOCKS
  sqlnet         SQL*NET for Oracle
  sqlserver      MS SQL Server
  ssh            Secured Shell
  streamwork     Xing Technology StreamWorks player
  sunrpc         Sun RPC
  syslog         System Logging Utility
  telnet         Telnet
  tftp           Trivial File Transfer Protocol
  vdolive        VDOLive streaming video
  vofr           voice over Frame Relay packets
  winmx          WinMx file-sharing application
  xwindows       X-Windows remote access
Router1(config-cmap)#

You can obtain and install new PDLM files from Cisco. In the example, we have downloaded a new PDLM file that can identify the BitTorrent protocol. Once we put this file on the router's Flash device, we need to tell NBAR to load the file to make it available:

Router1(config)#ip nbar pdlm flash://bittorrent.pdlm

In the past, Cisco has also made PDLM files available to help network administrators to use NBAR to help to identify hostile applications such as viruses and worms.

We are not aware of PDLM files originating from sources other than Cisco, but we strongly recommend that you use only files that you obtain directly from Cisco. Otherwise, you could potentially open your network to serious security vulnerabilities.

We note in passing that Cisco has also added the option to manually create your own NBAR rules using the ip nbar custom command. This feature should allow you to, for example, define a new protocol by specifying TCP or UDP port numbers, as well as any special rules that look for identifiable content at a particular bit offset in the packet payload. However, the syntax for this feature is confusing, and the parser is apparently unstable in some IOS versions, so we don't currently recommend using it.

The last feature discussed in the Solution section of this recipe is the NBAR Protocol-Discovery feature. This is a useful tool for figuring out what is going through your network, particularly if you are trying to define a QoS strategy. You can use the show ip nbar protocol-discovery command to get detailed statistics on the utilization for every type of protocol that NBAR understands. However, NBAR now supports so many protocols that this complete list is often not very useful for spotting trends. Instead, we suggest using the top-n keyword with a relatively small argument number, such as 5, or at most 10. This will allow you to immediately see statistics for the top protocols for each interface on which you enabled the feature:

Router1#show ip nbar protocol-discovery top-n 5

 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   icmp                     220                      110
                            25080                    12540
                            0                        0
                            4000                     3000
   http                     55                       104
                            3763                     60019
                            0                        0
                            1000                     4000
   telnet                   130                      71
                            19212                    4269
                            0                        0
                            3000                     1000
   eigrp                    90                       45
                            6660                     3330
                            0                        0
                            0                        0
   secure-http              4                        4
                            248                      216
                            0                        0
                            0                        0
   unknown                  2                        2
                            122                      112
                            0                        0
                            0                        0
   Total                    501                      336
                            55085                    80486
                            0                        0
                            8000                     8000
Router1#
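As an added example (not part of the recipe), the following Python parses the top-n output above into per-protocol counters, checks how much of the Total row is not covered by the listed rows (a sign that top-n is set too low), and reports the byte share of protocols on a watch list such as cleartext telnet or unclassified traffic. The layout assumption, one protocol line followed by three counter-only lines, is taken from the sample output.

```python
"""Parse 'show ip nbar protocol-discovery top-n N' output (added example)."""
import re
from typing import Dict, List, Tuple

# Sample output, copied from the recipe's 'show ip nbar protocol-discovery top-n 5'.
SAMPLE_OUTPUT = """\
 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   icmp                     220                      110
                            25080                    12540
                            0                        0
                            4000                     3000
   http                     55                       104
                            3763                     60019
                            0                        0
                            1000                     4000
   telnet                   130                      71
                            19212                    4269
                            0                        0
                            3000                     1000
   eigrp                    90                       45
                            6660                     3330
                            0                        0
                            0                        0
   secure-http              4                        4
                            248                      216
                            0                        0
                            0                        0
   unknown                  2                        2
                            122                      112
                            0                        0
                            0                        0
   Total                    501                      336
                            55085                    80486
                            0                        0
                            8000                     8000
"""

# Counter names for the four lines of each protocol entry, in the order shown.
COUNTERS = ("packets", "bytes", "bps_5min", "bps_5min_max")
IFACE_RE = re.compile(r"^ (\S+)$")                       # " FastEthernet0/0"
PROTO_RE = re.compile(r"^\s+([A-Za-z][\w.-]*)\s+(\d+)\s+(\d+)\s*$")
COUNTER_RE = re.compile(r"^\s+(\d+)\s+(\d+)\s*$")

Stats = Dict[str, Dict[str, Dict[str, Tuple[int, int]]]]

def parse_protocol_discovery(text: str) -> Stats:
    """Return {interface: {protocol: {counter: (input, output)}}}; 'Total' is kept."""
    stats: Stats = {}
    iface = proto = None
    pending: List[Tuple[int, int]] = []
    for line in text.splitlines():
        if m := IFACE_RE.match(line):
            iface = m.group(1)
            stats[iface] = {}
        elif (m := PROTO_RE.match(line)) and iface is not None:
            proto = m.group(1)
            pending = [(int(m.group(2)), int(m.group(3)))]
        elif (m := COUNTER_RE.match(line)) and proto is not None:
            pending.append((int(m.group(1)), int(m.group(2))))
            if len(pending) == len(COUNTERS):        # entry complete
                stats[iface][proto] = dict(zip(COUNTERS, pending))
                proto = None
    return stats

def unlisted_bytes(stats: Stats, iface: str) -> Tuple[int, int]:
    """Bytes in the Total row not covered by the listed protocols (input, output).

    With top-n only N protocols are printed, so a large value here means
    significant traffic is hiding below the cut-off and N should be raised.
    """
    rows = stats[iface]
    listed = [sum(c["bytes"][i] for p, c in rows.items() if p != "Total") for i in (0, 1)]
    return rows["Total"]["bytes"][0] - listed[0], rows["Total"]["bytes"][1] - listed[1]

def byte_share(stats: Stats, iface: str, direction: str = "input") -> Dict[str, float]:
    """Percentage of the interface's Total bytes per listed protocol."""
    i = 0 if direction == "input" else 1
    rows = stats[iface]
    total = rows["Total"]["bytes"][i]
    return {p: (round(100.0 * c["bytes"][i] / total, 1) if total else 0.0)
            for p, c in rows.items() if p != "Total"}

def watch_report(stats: Stats, iface: str, watch: set, direction: str = "input"):
    """Watch-listed protocols (e.g. cleartext management, unclassified traffic)
    that actually appear on the interface, sorted by share, highest first."""
    share = byte_share(stats, iface, direction)
    return sorted(((p, s) for p, s in share.items() if p in watch),
                  key=lambda ps: ps[1], reverse=True)
```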

CCIE Security Training instruction

February 4th,2012    by Nicholas

There is no need to have a second qualified training or course certificate to qualify.

The CCIE Security Training consists of a written exam to qualify, followed by the lab exam. You are advised to have at least 3-5 years of job experience before attempting this certification.

The exam for the CCIE Security is two hours long with multiple-choice questions. It consists of a hundred questions, which cover subjects such as application protocols, operating systems, security technologies, security protocols, and Cisco security applications. The exam materials are provided on the spot, so you are not permitted to bring in external reference materials.

Network engineers holding a CCIE certificate are considered experts in the network engineering field and masters of Cisco solutions. The CCIE has brought a revolution in the networking industry regarding technically challenging assignments and solutions using the required tools and methodologies. There is a process that updates and reorganizes the tools to provide quality service. There are different modes of CCIE Training, such as written exam preparation and performance-based lab. This helps to reinforce the effectiveness and standards of the business. Cisco launched this certification policy in 1993 with a view to distinguishing the top professionals from the rest.

To become certified, the written exam has to be passed first, after which the lab exam has to be passed. Cisco always tries to apply quite distinctive CCIE Training methods for greater performance. There are a number of steps to CCIE certification. The first step is to pass a two-hour computer-based, mostly multiple-choice written exam. For this exam the required payments have to be completed online. This exam is associated with exam vouchers and promotional codes. The authenticity of the voucher-supplying firm has to be properly verified by the candidates. The promotional code has to be applied properly; fraudulent vouchers and promotional codes will not be accepted, and Cisco will not refund the cost. The candidates have to wait five days for the written exam after payment, and they cannot sit the same exam again for the following one hundred and eighty days in the event of recertification.

To become licensed and qualified through CCIE Training, some points have to be remembered. After passing the written exam, the candidates have a maximum of eighteen months in which to attempt the lab exam. If that period is exceeded, the written exam result becomes invalid. For first-time candidates seeking CCIE certification, the written exam is available in the form of a Beta exam with discounts available. During the Beta period the candidates can sit the exam only once. The results come within six to eight weeks after the exam is over.

The next phase of CCIE certification is the Lab exam. Only the shortlisted candidates from the written exam can apply for the hands-on lab exam. Although there are many Cisco written exam centers, Lab exam facilities are limited. It is an eight-hour hands-on practical exam in which the ability to troubleshoot and configure network-based problems and software is checked. To schedule the Lab exam, the candidates shortlisted from the earlier written exam have to present their identification number along with the passing score and the date of passing.

The fee for the Lab exam has to be paid more than 90 days before the scheduled exam. Without the fee the reservation may be cancelled. After passing the Lab exam combined with the written exam, the candidates can apply for the CCIE certification. By considering

Setting the DSCP or TOS Area

February 3rd,2012    by Nicholas

The solution to this problem depends on the type of traffic distinctions you want to make, as well as the version of IOS you are running in your routers.

There needs to be something that defines the different types of users that you want to prioritize. Generally, the simpler the distinctions are to make, the better. This is because all of these tests take router resources and introduce processing delays. The most common rules for distinguishing between traffic types use the packet's input interface and basic IP header information such as TCP port numbers. The following examples show how to set an IP Precedence value of immediate (2) for all FTP control traffic that arrives via the serial0/0 interface, and an IP Precedence of priority (1) for all FTP data traffic. This distinction is possible because FTP control traffic uses TCP port 21, and FTP data uses port 20.

The newer method for configuring this uses class maps. Cisco first introduced this feature in IOS Version 12.0(5)T. This method first defines a class-map that specifies how the router will identify this type of traffic. It then defines a policy-map that actually makes the changes to the packet's TOS field:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit tcp any eq ftp any
Router(config)#access-list 101 permit tcp any any eq ftp
Router(config)#access-list 102 permit tcp any eq ftp-data any
Router(config)#access-list 102 permit tcp any any eq ftp-data
Router(config)#class-map match-all ser00-ftpcontrol
Router(config-cmap)#description branch ftp control traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 101
Router(config-cmap)#exit
Router(config)#class-map match-all ser00-ftpdata
Router(config-cmap)#description branch ftp data traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 102
Router(config-cmap)#exit
Router(config)#policy-map serialftppolicy
Router(config-pmap)#description branch ftp traffic policy
Router(config-pmap)#class ser00-ftpcontrol
Router(config-pmap-c)#set ip precedence immediate
Router(config-pmap-c)#exit
Router(config-pmap)#class ser00-ftpdata
Router(config-pmap-c)#set ip precedence priority
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface serial0/0
Router(config-if)#ip route-cache policy
Router(config-if)#service-policy input serialftppolicy
Router(config-if)#exit
Router(config)#end
Router#

For earlier IOS versions, where class-maps were not available, you have to use policy-based routing to change the TOS field in a packet. Applying this policy to the interface tells the router to check all incoming packets on this interface and rewrite those that match the route map:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit tcp any eq ftp any
Router(config)#access-list 101 permit tcp any any eq ftp
Router(config)#access-list 102 permit tcp any eq ftp-data any
Router(config)#access-list 102 permit tcp any any eq ftp-data
Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#exit
Router(config)#route-map serialftp-rtmap permit 20
Router(config-route-map)#match ip address 102
Router(config-route-map)#set ip precedence priority
Router(config-route-map)#exit
Router(config)#interface serial0/0
Router(config-if)#ip policy route-map serialftp-rtmap
Router(config-if)#ip route-cache policy
Router(config-if)#exit
Router(config)#end
Router#

Before you can tag a packet for special treatment, you need to have a very clear idea of what types of traffic require special treatment, and exactly what sort of special treatment they will need. In the example, we have decided to give a special priority to FTP users received on a particular serial interface. We show how to do this using both the old and new configuration methods.

This might seem to be a rather artificial example. After all, why would you care about tagging inbound traffic you have already received from a low-speed interface? Ultimately, one of the most important rules for implementing QoS in a network is that you should always tag the packet as early as possible, ideally at the edges of the network. Then, as it passes through the network, each router only has to look at the tag, and doesn't need to do any further classification. In this case, we would make sure that the FTP traffic returning in the other direction is tagged by the first router that receives it. So the outbound traffic has already been tagged, and it's a waste of router resources to reclassify the outbound packets.

Some organizations actually take this idea of marking at the edges one step further, and remark every received packet. This helps to ensure that users are not requesting special QoS privileges that they are not authorized to have. However, you should be careful with this because it can sometimes disrupt legitimate markings. For example, a real-time application might use RSVP to reserve bandwidth through the network. It is critical that the packets for this application carry the appropriate Expedited Forwarding (EF) DSCP marking or the network may not handle them properly. However, you also don't want to allow other non-real-time applications from this same source to have the same EF priority level. So, if you are going to configure your routers to remark all incoming packets at the edges, make sure you know which incoming markings are legitimate.

In that case, the routers are running DLSw to bridge SNA traffic through an IP network. So the routers themselves actually generate the IP packets. This creates an additional problem because there is no incoming interface, so that recipe uses local policy-based routing. The fact that the router creates the packets also gives it an important advantage, because it doesn't have to consider any DLSw packets that might just happen to pass through.

The advantages of the newer class-map method aren't obvious in this example, but one of the first big advantages appears if you want to use the more modern DSCP tagging scheme. Because the older policy-based routing method doesn't directly support DSCP, you have to fake it by setting both the IP Precedence and the TOS separately, as follows.

Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 115
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#set ip tos max-throughput

In this case, the packet will wind up with an IP Precedence value of immediate, or 2 (010 in binary), and TOS of max-throughput, or 4 (0100 in binary).

Doing the same thing with the class-map method is much more direct:

Router(config)#policy-map serialftppolicy
Router(config-pmap)#class serialftpclass
Router(config-pmap-c)#set ip dscp af21
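The arithmetic behind the two snippets above, as an added example that is not part of the recipe: it packs the IOS precedence and TOS keywords into the TOS byte and reads the same bits back as a DSCP codepoint, showing why immediate plus max-throughput is af21, and what a precedence-only router sees in an EF-marked packet. Keyword values are the ones IOS uses for set ip precedence and set ip tos.

```python
"""IP Precedence + TOS bits versus DSCP in the same header byte (added example)."""
from typing import Tuple

# 'set ip precedence' keywords -> 3-bit value (bits 7-5 of the TOS byte)
PRECEDENCE = {
    "routine": 0, "priority": 1, "immediate": 2, "flash": 3,
    "flash-override": 4, "critical": 5, "internet": 6, "network": 7,
}
# 'set ip tos' keywords -> 4-bit value (bits 4-1 of the TOS byte)
TOS = {
    "normal": 0, "min-monetary-cost": 1, "max-reliability": 2,
    "max-throughput": 4, "min-delay": 8,
}

def tos_byte(precedence: str, tos: str = "normal") -> int:
    """Byte written by the policy-based-routing method: PPP TTTT 0."""
    return (PRECEDENCE[precedence] << 5) | (TOS[tos] << 1)

def dscp_from_tos_byte(byte: int) -> int:
    """DSCP is the top six bits of that same byte (RFC 2474)."""
    return byte >> 2

def dscp_name(dscp: int) -> str:
    """Name a codepoint the way IOS keywords do: ef, af21, cs1, default."""
    if dscp == 46:
        return "ef"
    if dscp == 0:
        return "default"
    cls, drop = dscp >> 3, (dscp >> 1) & 0b11   # AF: class = top 3 bits, drop = next 2
    if 1 <= cls <= 4 and 1 <= drop <= 3 and dscp & 1 == 0:
        return f"af{cls}{drop}"
    if dscp & 0b111 == 0:                         # class selectors: low 3 bits zero
        return f"cs{cls}"
    return str(dscp)

def dscp_value(name: str) -> int:
    """Inverse of dscp_name for the af/cs/ef/default keywords."""
    if name == "ef":
        return 46
    if name == "default":
        return 0
    if name.startswith("af"):
        return (int(name[2]) << 3) | (int(name[3]) << 1)
    if name.startswith("cs"):
        return int(name[2]) << 3
    raise ValueError(name)

def precedence_view(dscp: int) -> Tuple[int, int]:
    """How a precedence-only router reads a DSCP-marked packet: (precedence, tos)."""
    byte = dscp << 2
    return byte >> 5, (byte >> 1) & 0b1111

# Worked case from the recipe: immediate (010) + max-throughput (0100) -> 01001000.
RECIPE_BYTE = tos_byte("immediate", "max-throughput")
```

The old route-map pair and set ip dscp af21 therefore write identical bytes; the precedence_view of ef (critical, min-delay plus max-throughput) is why remarking at the edge must recognise legitimate EF packets before it clears them.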

Class-maps will also be useful later in this chapter when we discuss class-based weighted fair queuing and class-based traffic shaping.

It is important to note that throughout this entire example, we have only placed a special value into the packet's TOS or DSCP field. This, by itself, doesn't affect how the packet is forwarded through the network. To do that, you have to make sure that as each router in the network forwards these marked packets, the interface queues will react appropriately to this information.

Finally, we should note that while this recipe shows two useful ways of marking packets, a third uses Committed Access Rate (CAR) features. CAR tends to be more efficient on high speed interfaces.

Using Custom Queues with Priority Queues

February 2nd,2012    by Nicholas

You can split the queues so that some use Priority Queuing and the remainder Custom Queuing:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit ip any any precedence 7
Router(config)#access-list 102 permit ip any any precedence 6
Router(config)#access-list 103 permit ip any any precedence 5
Router(config)#access-list 104 permit ip any any precedence 4
Router(config)#access-list 105 permit ip any any precedence 3
Router(config)#access-list 106 permit ip any any precedence 2
Router(config)#access-list 107 permit ip any any precedence 1
Router(config)#queue-list 1 protocol ip 1 list 101
Router(config)#queue-list 1 protocol ip 2 list 102
Router(config)#queue-list 1 protocol ip 3 list 103
Router(config)#queue-list 1 protocol ip 4 list 104
Router(config)#queue-list 1 protocol ip 5 list 105
Router(config)#queue-list 1 protocol ip 6 list 106
Router(config)#queue-list 1 protocol ip 7 list 107
Router(config)#queue-list 1 lowest-custom 4
Router(config)#interface HSSI0/0
Router(config-if)#custom-queue-list 1
Router(config-if)#exit
Router(config)#end
Router#

In this case, however, we have added the command:

Router(config)#queue-list 1 lowest-custom 4

This command allows you to mix Custom and Priority Queue types. Note that this command only works with queue-list number 1. It is not available for any other queue-lists.

In this example, queue number 4 is the lowest numbered Custom Queue, so queues 1, 2, and 3 are all Priority Queues. This means that the router will deliver all of the packets in queue number 1, then all of the packets in queue number 2, and then all of the packets in queue number 3. Only when these high priority queues are all empty does it use Custom Queuing to deliver the packets in the lower priority queues. Check also where traffic that matches none of the access-lists (precedence 0 here) ends up: the queue-list 1 default command assigns that queue, and it should point at one of the custom queues rather than one of the strict priority queues, or unmarked traffic will jump ahead of everything else.

The main advantage of this sort of configuration is that it gives absolute priority to real-time applications. This is important not because of the bandwidth, but because priority queuing the real-time traffic minimizes its queuing latency. The flip side is that the priority queues can starve the custom queues completely if the high-precedence traffic is not bounded, so classifying on IP Precedence alone only makes sense where those markings are trustworthy, that is, set or policed at the network edge rather than taken at face value from end hosts.
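To make the dequeue order concrete, here is a small Python model of the mixed queue list above. It is an added example, not part of the original post and not Cisco code. It applies the same mapping as access-lists 101 to 107 (precedence 7 to 1 into queues 1 to 7), treats the queues below lowest-custom as strict priority and serves the rest round-robin with the IOS default byte-count of 1500 per turn. The default_queue parameter stands in for the queue-list 1 default command, the packet lists are constructed samples, and the byte-count accounting is a simplification of what IOS actually does.

```python
"""Toy model of an IOS queue list that mixes Priority and Custom Queuing
(queue-list 1 lowest-custom 4).  Added example, not Cisco code."""
from collections import deque

LOWEST_CUSTOM = 4   # queue-list 1 lowest-custom 4: queues 1-3 strict priority, 4-7 custom
BYTE_COUNT = 1500   # IOS default byte-count per custom queue per round-robin turn


def queue_for_precedence(precedence, default_queue=1):
    """Classification done by access-lists 101..107 in the example:
    IP Precedence 7..1 lands in queues 1..7.  Precedence 0 matches no list,
    so it goes wherever "queue-list 1 default" points (modelled as default_queue)."""
    if not 0 <= precedence <= 7:
        raise ValueError("IP Precedence is a 3-bit field")
    return default_queue if precedence == 0 else 8 - precedence


def schedule(packets, lowest_custom=LOWEST_CUSTOM, byte_count=BYTE_COUNT, default_queue=1):
    """Return (queue, precedence, size) tuples in transmit order.

    packets: (precedence, size_in_bytes) tuples, all assumed to be waiting already.
    Queues numbered below lowest_custom are strict priority: the lowest-numbered
    non-empty one is always served first, and they are re-checked before every
    transmission.  The remaining queues are served round-robin; each keeps the
    link until roughly byte_count bytes have been sent from it or it runs empty.
    """
    queues = {n: deque() for n in range(1, 8)}
    for precedence, size in packets:
        queues[queue_for_precedence(precedence, default_queue)].append((precedence, size))

    custom = list(range(lowest_custom, 8))
    turn, budget = 0, byte_count   # round-robin position and bytes left in this turn
    sent = []
    while any(queues.values()):
        prio = next((n for n in range(1, lowest_custom) if queues[n]), None)
        if prio is not None:                      # priority portion wins outright
            precedence, size = queues[prio].popleft()
            sent.append((prio, precedence, size))
            continue
        q = custom[turn]
        if not queues[q] or budget <= 0:          # this queue's turn is over
            turn = (turn + 1) % len(custom)
            budget = byte_count
            continue
        precedence, size = queues[q].popleft()    # simplified byte accounting
        budget -= size
        sent.append((q, precedence, size))
    return sent


def transmit_order(packets, **kwargs):
    """Just the precedence values, in the order they leave the interface."""
    return [precedence for _, precedence, _ in schedule(packets, **kwargs)]


if __name__ == "__main__":
    # Constructed sample: a mix of marked packets waiting on HSSI0/0.
    waiting = [(1, 1500), (7, 100), (4, 1500), (6, 100), (2, 1500), (5, 100), (1, 1500), (4, 1500)]
    print(transmit_order(waiting))                                # [7, 6, 5, 4, 2, 1, 4, 1]
    # Unmarked (precedence 0) traffic jumps the whole line if the default queue is 1.
    print(transmit_order([(1, 100), (0, 100)]))                   # [0, 1]
    print(transmit_order([(1, 100), (0, 100)], default_queue=7))  # [1, 0]
```

The first run shows the three priority queues drained in order before the round-robin starts, and the second pair shows why the default queue matters: with the default queue left at 1, an unmarked packet leaves before a precedence-1 packet that arrived earlier.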

CCIE Bootcamps, CCIE Lab Exam

January 30th,2012    by Nicholas

The solution depends on the type of traffic distinctions you want to make, as well as the version of IOS you are running on your routers.

There must be something that defines the different types of traffic that you want to prioritize. In general, the simpler the distinctions are to make, the better, because every test consumes router resources and introduces processing delay. The most common policies for distinguishing between traffic types use the packet's input interface and common IP header information such as TCP port numbers. The following examples show how to set an IP Precedence value of immediate (2) for all FTP control traffic that arrives through the Serial0/0 interface, and an IP Precedence of priority (1) for all FTP data traffic. This distinction is possible because FTP control traffic uses TCP port 21 and FTP data uses port 20. Note that matching port 20 only catches active-mode data connections; passive-mode FTP transfers data on negotiated ephemeral ports and will not match these lists.

The newer method for configuring this uses class maps. Cisco first introduced this feature in IOS Version 12.0(5)T. This method first defines a class-map that specifies how the router will identify this type of traffic. It then defines a policy-map that actually makes the changes to the packet's TOS field:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 101 permit tcp any eq ftp any
Router(config)#access-list 101 permit tcp any any eq ftp
Router(config)#access-list 102 permit tcp any eq ftp-data any
Router(config)#access-list 102 permit tcp any any eq ftp-data
Router(config)#class-map match-all ser00-ftpcontrol
Router(config-cmap)#description branch ftp control traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 101
Router(config-cmap)#exit
Router(config)#class-map match-all ser00-ftpdata
Router(config-cmap)#description branch ftp data traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 102
Router(config-cmap)#exit
Router(config)#policy-map serialftppolicy
Router(config-pmap)#description branch ftp traffic policy
Router(config-pmap)#class ser00-ftpcontrol
Router(config-pmap-c)#set ip precedence immediate
Router(config-pmap-c)#exit
Router(config-pmap)#class ser00-ftpdata
Router(config-pmap-c)#set ip precedence priority
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface serial0/0
Router(config-if)#ip route-cache policy
Router(config-if)#service-policy input serialftppolicy
Router(config-if)#exit
Router(config)#end
Router#

For earlier IOS versions, where class-maps were not available, you have to use policy-based routing to change the TOS field in a packet. Applying the route map to the interface with the ip policy route-map command tells the router to check all incoming packets on that interface and rewrite those that match the route map:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 permit tcp any eq ftp any
Router(config)#access-list 101 permit tcp any any eq ftp
Router(config)#access-list 102 permit tcp any eq ftp-data any
Router(config)#access-list 102 permit tcp any any eq ftp-data
Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#exit
Router(config)#route-map serialftp-rtmap permit 20
Router(config-route-map)#match ip address 102
Router(config-route-map)#set ip precedence priority
Router(config-route-map)#exit
Router(config)#interface serial0/0
Router(config-if)#ip policy route-map serialftp-rtmap
Router(config-if)#ip route-cache policy
Router(config-if)#exit
Router(config)#end
Router#

Before you can tag a packet for special treatment, you must have a very clear idea of which types of traffic require special treatment, and what sort of special treatment they need. In this example, we have decided to give a distinct priority to FTP traffic received on a particular serial interface, and we show how to do this using both the old and the new configuration methods.

This might seem a rather artificial example. After all, why would you care about tagging inbound traffic that you have already received from a low-speed interface? One of the most important rules for applying QoS in a network is that you should always tag the packet as early as possible, ideally at the edges of the network. Then, as it passes through the network, each router only has to look at the tag and does not need to do any further classification. In this case, we would make sure that the FTP traffic going in the other direction is tagged by the first router that receives it. So the outbound traffic has already been tagged, and it would be a waste of router resources to reclassify the outbound packets.

Many organizations take this idea of marking at the edges one step further and remark every received packet. This helps to ensure that users are not claiming QoS privileges that they are not authorized to have, since otherwise any host can set its own precedence or DSCP and the network will honour it. However, you should be careful with this, because it can disrupt legitimate markings. For example, a real-time application may use RSVP to reserve bandwidth through the network. It is important that the packets for this application carry the appropriate Expedited Forwarding (EF) DSCP marking, or the network may not handle them properly. At the same time, you do not want other non-real-time applications from the same source to get the same EF priority. So, if you are going to configure your routers to remark all incoming packets at the edges, make sure you know which incoming markings are legitimate and preserve only those.

A related case is when the routers themselves run DLSw to bridge SNA traffic through an IP network. There the routers generate the IP packets, which creates an additional problem: there is no incoming interface to match on, so that configuration has to use local policy-based routing instead. The fact that the router creates the packets also gives it an important advantage, because it does not have to worry about any DLSw packets that merely happen to pass through.

The advantages of the newer class-map method are not obvious in this example, but one of the biggest shows up when you want to use the more modern DSCP marking scheme. Because the older policy-based routing method does not directly support DSCP, you have to fake it by setting the IP Precedence and the TOS bits separately, as follows:

Router(config)#route-map serialftp-rtmap permit 10
Router(config-route-map)#match ip address 115
Router(config-route-map)#set ip precedence immediate
Router(config-route-map)#set ip tos max-throughput

In this case, the packet ends up with an IP Precedence value of immediate, or 2 (010 in binary), and a TOS of max-throughput, or 4 (0100 in binary). Together these write 0100 1000 (0x48) into the TOS byte, and the top six bits of that byte, 010010, are DSCP 18, which is AF21. That is why the class-map version can set the same thing with a single keyword.

Doing the same thing with the class-map method is much more direct:

Router(config)#policy-map serialftppolicy
Router(config-pmap)#class serialftpclass
Router(config-pmap-c)#set ip dscp af21
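The bit arithmetic behind the two markings, as an added Python example that is not part of the original post: it encodes the keyword values of the IOS set ip precedence and set ip tos commands into a TOS byte, reads the DSCP back out of it, names the per-hop behaviour the way set ip dscp spells it, and inverts the process to find which precedence/tos pair policy-based routing needs in order to emulate a given DSCP. The function names are my own; the keyword-to-value tables are the ones the IOS commands use.

```python
"""IP Precedence + TOS bits versus DSCP: the bit arithmetic behind both markings.
Added example, not from the original post."""

# Keyword values taken by the IOS route-map commands "set ip precedence" and "set ip tos".
PRECEDENCE = {
    "routine": 0, "priority": 1, "immediate": 2, "flash": 3,
    "flash-override": 4, "critical": 5, "internet": 6, "network": 7,
}
TOS = {  # the four TOS bits: delay (8), throughput (4), reliability (2), cost (1)
    "normal": 0, "min-monetary-cost": 1, "max-reliability": 2,
    "max-throughput": 4, "min-delay": 8,
}


def tos_byte(precedence, tos=0):
    """Build the IPv4 TOS byte: 3 precedence bits, 4 TOS bits, 1 must-be-zero bit.
    Accepts the IOS keywords or raw numbers."""
    p = PRECEDENCE[precedence] if isinstance(precedence, str) else precedence
    t = TOS[tos] if isinstance(tos, str) else tos
    if not (0 <= p <= 7 and 0 <= t <= 15):
        raise ValueError("precedence is 3 bits, tos is 4 bits")
    return (p << 5) | (t << 1)


def dscp_of(byte):
    """DiffServ reads the same byte as a 6-bit DSCP plus 2 ECN bits (RFC 2474)."""
    return (byte & 0xFF) >> 2


def dscp_name(dscp):
    """Per-hop-behaviour name as IOS "set ip dscp" spells it (RFC 2474/2597/3246)."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is 6 bits")
    if dscp == 46:
        return "ef"
    cls, low = dscp >> 3, dscp & 7
    if low == 0:
        return "default" if cls == 0 else f"cs{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"af{cls}{low >> 1}"          # AFxy: class x, drop precedence y
    return str(dscp)                          # no standard name; IOS takes the number


def pbr_equivalent(dscp):
    """The (precedence keyword, numeric tos) pair that "set ip precedence" and
    "set ip tos" must write to emulate a DSCP under policy-based routing."""
    byte = dscp << 2
    keyword = next(k for k, v in PRECEDENCE.items() if v == byte >> 5)
    return keyword, (byte >> 1) & 0xF


if __name__ == "__main__":
    b = tos_byte("immediate", "max-throughput")
    print(hex(b), dscp_of(b), dscp_name(dscp_of(b)))   # 0x48 18 af21
    print(pbr_equivalent(46))                            # ('critical', 12): EF needs "set ip tos 12"
```

Running it confirms the AF21 equivalence from the text and also shows the limit of the older method: because the four TOS bits do not line up with the low three DSCP bits, only drop precedence 1 maps onto a single set ip tos keyword. AF22 needs min-delay (8), AF23 and EF need 12, which has no keyword, so policy-based routing has to use the numeric form.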

Class maps will be useful again later, when we discuss Class-Based Weighted Fair Queuing (CBWFQ) and class-based traffic shaping.

It is important to note that throughout this example we have only written a particular value into the packet's TOS or DSCP field. This by itself does not affect how the packet is forwarded through the network. For the marking to mean anything, every router that forwards these packets must have its interface queuing configured to act on it; a marking that no downstream queue looks at is just a few bits in the header.

Finally, we should note that while this recipe shows two useful ways of marking packets, you can also use Committed Access Rate (CAR) features to do it. CAR tends to be much more efficient on higher-speed interfaces.